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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 GFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )E3 Responsive to communication(s) filed on 25 July 2011 . 
2a)D This action is FINAL. 2b)K This action is non-final. 

3) D An election was made by the applicant in response to a restriction requirement set forth during the interview on 

; the restriction requirement and election have been incorporated into this action. 

4) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

5) S Claim(s) 1-22,25,27-34,36,40.41 and 43-47 is/are pending in the application. 

5a) Of the above claim(s) is/are withdrawn from consideration. 

6) D Claim(s) is/are allowed. 

7) E| Claim(s) 1-22. 25. 27-34. 36. 40. 41 and 43-47 is/are rejected. 

8) D Claim(s) is/are objected to. 

9) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

10)D The specification is objected to by the Examiner. 

1 1 )□ The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

12) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. §119 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)d All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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Detailed Action 
Response to Arguments 

Applicant's arguments with respect to claims 1 -22, 25, 27-34, 36, 40, 41 and 43-47 have been considered 

but are moot in view of the new ground(s) of rejection. 

The 112 rejections of the previous action have been withdrawn. 



Claim Rejections - 35 USC § 101 

1 . 35 U.S.C. 1 01 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claim 16 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non- 
statutory subject matter. Said claim recites a storage medium configured to perform a method. The 
storage medium is defined in the specification as including a signal and is thus non-statutory. Appropriate 
correction is required. 



Claim Rejections - 35 USC §103 

1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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2. Claim 1 -22, 25, 27-34, 36, 40, 41 and 43-47 are rejected under 35 U.S.C. 1 03(a) 
as being unpatentable over Bradee, US PGP No. 20020095571 and further in view of 
Ballantyne (US Patent No. 5867821). 
As per claim 1 , 9, 16, 29, and 40, Bradee teaches: 

A method for signing access operations to electronic data, comprising: 

performing a security check upon each access operation in order to ascertain the identity of a user; 
assigning a user signature, identifying the user, on the basis of the performed security check without 
being viewable by the user; 

[see paragraph 40, wherein user ID corresponds to the claimed "identity of a user".] 
[see paragraphs 41 and 42 wherein the surrogate ID corresponds to the "user signature" and 
wherein the surrogate ID is not disclosed to the user] 
assigning at least one role signature, each role signature being assignable to a plurality of users, on the 
basis of the performed security check without being viewable by the user, each role signature identifying 
a different activity group with a particular responsibility and at least one role affiliation to the activity group; 
[see paragraph 42, wherein the surrogate ID and password correspond to the user ID's assigned 
user role. Examiner views this as the claimed "role signature". The surrogate ID and password 
are not disclosed to the user.] 

[see paragraph 47, wherein user roles are further defined.] 

[see paragraph 57, wherein user roles identify different activity groups and responsibilities and 
role affiliations] 

The Bradee reference has been discussed above. While Bradee is concerned with assigning role 
signatures to identify a user, Bradee is mute in teaching that access operations of the user are 
signed using the user and role signatures. The Ballentyne reference is relied upon to teach the 
signing of access operations with the user's user and role signatures. For the sake of clarity, 
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operations. Bradee is already cited to 



Ballentyne teaches the following: 

signing each access operation to electronic data by specifying the user signature and the at least one role 
signature; and 

[see col. 8, lines 53-60, wherein Ballentyne teaches that access patient records are documented] 
recording each access operation by storing, in an audit memory, accessed data information and access 
operation information together with the user signature and the at least one role signature specified for 
each access operation, 

[see col. 8, lines 53-60, wherein Ballentyne teaches that access patient records are documented] 
wherein the user signature is recorded in a user signature memory and in the audit memory, 
the accessed data is stored in an application data store, and 

[see col. 8, lines 53-60, wherein Ballentyne teaches that access patient records are documented 
and a patient may request an access log which shows an audit trail showing when and who 
access the patient's records. While Ballentyne does not specifically cite that the accessed data is 
stored in a data store or an audit memory, it is clear that storage must be necessary so that 
records of the access can be retrieved and presented to the patient at their request] 
the at least one role signature is recorded in a role signature memory and in the audit memory. 

[see col. 8, lines 53-60, wherein Ballentyne teaches that access patient records are documented. 
Examiner views documenting the access as a recording of the user who accessed the data.] 



Since the Bradee reference already teaches user signatures and role signatures as well as data caches 
that store said signatures (paragraph 31), it would be obvious to one of ordinary skill in the art to modify 
the Bradee reference to sign access operations using said signatures in order to keep a record of when 
and who accessed data and what actions took place once access was given so that the records can be 
given to users of the system. 
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As per claims 2, 10, and 30: 

The method as claimed in claim 1 , wherein the security check involves biometric data from the user being 
ascertained. 

The Bradee reference teaches that a username and password are ascertained and used during 
the security check. Bradee does not specifically cite biometric data being used. Examiner views 
this as merely a matter of design choice and that it would be obvious to ascertain biometric data 
representing a username for access procedures. Biometric data used for access control and 
authentication are well known in the art. 

As per claims 3, 11 , 1 7, and 31 : 

The method as claimed in claim 1 , wherein the security check involves reading at least one of an 
electronic and mechanical key. 

[Please see rejection of claim 2, wherein an electrical or mechanical key are also viewed as 

obvious design choices as methods for access control and authentication.] 

As per claims 4, 12, 18, 19, 25, and 32: 

The method as claimed in claim 1 , wherein the user signature to be assigned is ascertainable on the 
basis of the data ascertained in the security check, by checking a user signature memory. 

[see paragraph 0026, "database 24"] 
As per claims 5, 13, 20, 21, 27, and 33, Bradee teaches: 

The method as claimed in claim 1 , wherein the role signature to be assigned is ascertainable on the basis 
of the data ascertained in the security check, by checking a role signature memory. 

[see paragraph 41] 
As per claims 6, 14, 22, 28, 34, Bradee teaches: 

The method as claimed in claim 4, wherein the user signature memory is checked using a data 
telecommunication link. 
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[see paragraph 32] 
As per claim 7, Bradee teaches: 

The method as claimed in claim 1 , the at least one role signature is a plurality of role signatures.. 
[see paragraph 57] 

As per claims 8, 15, and 36, Ballentyne teaches: 

The method as claimed in claim 1 , wherein the data are medically relevant, wherein the users are medical 
specialist personnel, and wherein the roles are formed in line with the workgroups within the medical 
specialist personnel. 

[see col. 8, lines 1-64] 
As per claim 41, Bradee teaches: 

The method as claimed in claim 40, wherein an access operation can be reconstructed by specifying at 
least one of the user's former and current role signatures. 

[see paragraph 56] 
As per claims 43-46, Ballantyne teaches: 

The method as claimed in claim 1 , wherein the user signature memory and the role signature memory are 
maintained independently from the audit memory. 

[see col. 15, lines 40-67, and col. 16, lines 1-13] 
As per claim 47, Bradee teaches: 

The method as claimed in claim 1 , wherein the at least one role affiliation includes one of an 
administrative team, project manager, practicing physician, medical cotechnical assistant, system 
administrator and personnel department. 
[see paragraph 57] 
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Any response to this Office Action should be faxed to (571 ) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can normally 
be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 

/Daniel L. Hoang/ 
Examiner, Art Unit 2436 



/Nasser Moazzami/ 

Supervisory Patent Examiner, Art Unit 2436 



